view release on metacpan or  search on metacpan

AuthCookieLDAP.pm  view on Meta::CPAN

'group').

=cut

        $c{ DBI_groupfield     } = _dir_config_var( $r, 'DBI_GroupField')
                    || 'grp';

=item C<WhatEverDBI_GroupUserField>

The field in the above table that has the user name.  This is not required
and defaults to 'user'.

=cut

        $c{ DBI_groupuserfield } = _dir_config_var( $r, 'DBI_GroupUserField' )
                    || 'user';





	return %c;
}

#-------------------------------------------------------------------------------
# _now_year_month_day_hour_minute_second -- Return a string with the time in
# this order separated by dashes.

sub _now_year_month_day_hour_minute_second()
{
	return sprintf '%04d-%02d-%02d-%02d-%02d-%02d', Today_and_Now;
}

#-------------------------------------------------------------------------------
# _percent_encode -- Percent-encode (like URI encoding) any non-alphanumberics
# in the supplied string.

sub _percent_encode($)
{
	my( $str ) = @_;
	$str =~ s/([^\w])/ uc sprintf '%%%02x', ord $1 /eg;
	return $str;
}

#-------------------------------------------------------------------------------
# _percent_decode -- Percent-decode (like URI decoding) any %XX sequences in
# the supplied string.

sub _percent_decode($)
{
	my( $str ) = @_;
	$str =~ s/%([0-9a-fA-F]{2})/ pack( "c",hex( $1 ) ) /ge;
	return $str;
}

#===============================================================================
# P U B L I C   F U N C T I O N S
#===============================================================================

#-------------------------------------------------------------------------------
# Take the credentials for a user and check that they match; if so, return
# a new session key for this user that can be stored in the cookie.
# If there is a problem, return a bogus session key.

sub authen_cred($$\@)
{
	my( $self, $r, @credentials ) = @_;

	my $auth_name = $r->auth_name;

	# Username goes in credential_0
	my $user = $credentials[ 0 ];
	unless ( $user =~ /^.+$/ ) {
		$r->log_reason( "Apache::AuthCookieLDAP: no username supplied for auth realm $auth_name", $r->uri );
		return 'bad';
	}
	# Password goes in credential_1
	my $password = $credentials[ 1 ];
	unless ( $password =~ /^.+$/ ) {
		$r->log_reason( "Apache::AuthCookieLDAP: no password supplied for auth realm $auth_name", $r->uri );
		return 'bad';
	}

	# get the configuration information.
	my %c = _dbi_config_vars $r;




	# Connect to the host
	my $con;
	unless ($con = Net::LDAP->new($c{LDAP_host}))
	{
	    $r->log_reason("LDAP Connection Failed", $r->uri);
	    return 'bad';
	}
		
	# Bind annonymously


	my $mess = $con->bind();
	unless ($mess->code == LDAP_SUCCESS) {
	    $r->log_reason("LDAP Bind Failed", $r->uri);
	    return 'bad';
	}


	# Search for the user
	my $filter = "($c{LDAP_user}=$user)";
	if($c{LDAP_filter} ne "")
	{
	 $filter = "(& $filter ($c{LDAP_filter}))";
	}	
	$mess = $con->search(base => $c{LDAP_DN}, filter => $filter);
	unless ($mess->code == LDAP_SUCCESS) {
	    $r->log_reason("LDAP Search Failed", $r->uri);
	    return 'bad';
	}


	# Does the user exsists
	unless ($mess->count) {
	    $r->log_reason("User: $user does not excist", $r->uri);
	    return 'bad';
	}
  
	# Take the first user
	my $entry = $mess->first_entry;
	my $dn = $entry->dn;

	# Bind as the user we're authenticating
	$mess = $con->bind($dn, password => $password);
	unless ($mess->code == LDAP_SUCCESS) {
	    $r->log_reason("User $user har wrong password", $r->uri);
	    return 'bad';
	}
	$con->unbind;